List of Bandolier Audit Files
From SCADApedia
Bandolier helps asset owners and vendors identify and audit optimal security configuration for control system servers and workstations. In this Department of Energy funded project, Digital Bond partners with leading control system application vendors to establish practical security configuration guidance for SCADA, DCS, and other industrial control system components. Digital Bond then creates and distributes specialized security audit files that can be used with the Nessus vulnerability scanner. Bandolier, in conjunction with Nessus, is the most widely used security tool in industrial control systems.
Below is the list of Bandolier audit files and their current status.
| Vendor | Application Name | Version | Operating System | Status |
| ABB | Ranger RDAS | 2003 | Tru64 UNIX | 1.0 |
| ABB | Ranger RAS | 2003 | Tru64 UNIX | 1.0 |
| ABB | Ranger Web Server | 2003 | Tru64 UNIX | 1.0 |
| ABB | Ranger Workstation | 2003 | Windows XP | 1.0 |
| ABB | 800xA PPA Connectivity Server | 5.x | Windows Server 2003 | Development |
| ABB | 800xA PPA Aspect Server | 5.x | Windows Server 2003 | Development |
| ABB | 800xA PPA Historian | 5.x | Windows Server 2003 | Development |
| ABB | 800xA PPA Domain Controller | 5.x | Windows Server 2003 | Development |
| ABB | 800xA PPA Eng/Operator Workplace | 5.x | Windows XP | Development |
| AREVA | e-terraplatform (Production Server) | 2.5 | Windows Server 2003 | 1.0 |
| AREVA | e-terraplatform (Production Server) | 2.5 | Red Hat Linux 5.3 | 1.0 |
| AREVA | e-terrabrowser (Web Display Server) | 3.5 | Windows Server 2003 (IIS v6) | 1.0 |
| AREVA | e-terrabrowser (Web Display Server) | 3.5 | Red Hat Linux 5.3 (Apache v2.0) | 1.0 |
| AREVA | e-terrabrowser (Client) | 3.5 | Windows XP | 1.0 |
| Emerson | Ovation Engineering Station | 3.1 Family | Windows XP | Beta |
| Emerson | Ovation Operator Workstation | 3.1 Family | Windows XP | Beta |
| Emerson | Ovation Process Historian | 3.1 Family | Windows Server 2003 | Beta |
| Emerson | Ovation SCADA Communication Server | 3.1 Family | Windows Server 2003 | Beta |
| Invensys | Wonderware | 10.0 | Windows Server 2003 | Development |
| Matrikon | Security Gateway/Tunneller | Windows Server 2003 | 1.0 | |
| OSIsoft | PI Enterprise Server | 3.3.x-3.4.x | Windows Server 2003 | 1.0 |
| Siemens | Spectrum Power TG SCADA Host | 8.2 | Red Hat Linux | 1.0 |
| Siemens | Spectrum Power TG SCADA Workstation | 8.2 | Windows XP | 1.0 |
| Siemens | Siemens Spectrum Power TG Web Console | 8.2 | Windows Server 2003 | 1.0 |
| SNC-Lavalin ECS | GENe SCADA | Red Hat Linux | 1.0 | |
| Telvent | OASyS DNA Realtime Server | 7.5 | Windows Server 2003 | 1.0 |
| Telvent | OASyS DNA Historian | 7.5 | Windows Server 2003 | 1.0 |
| Telvent | OASyS DNA XOS | 7.5 | Windows XP | 1.0 |
| Telvent | OASys DNA Engineering Station | 7.5 | Windows Server 2003 | 1.0 |
Rights and Restrictions
Digital Bond creates two Bandolier Security Audit Files for each control system component. The .App file was developed by Digital Bond, Inc. This Bandolier Security Audit File is the sole property of Digital Bond, Inc., and Digital Bond retains full ownership rights to this file.
The OS file is a modified version of a .audit file originally written and maintained by Tenable Network Security, www.tenablesecurity.com . The original .audit file is copyright Tenable Network Security. Tenable has granted Digital Bond permission to make modifications to the original .audit file, to produce an updated .audit file, and to distribute this updated .audit file to its customers and partners. Tenable and Digital Bond maintain a collective ownership of this updated .audit file, called a Bandolier Security Audit File for OS checks.
Digital Bond is providing the Bandolier Security Audit File "as is" without: (1) any warranties to the effectiveness or accuracy or (2) the responsibility to make or notify you of any bug fixes or updates of any kind.
Restriction: The Bandolier Security Audit Files or any derivative of these files shall not be posted on any website, bulletin board, ftp server, newsgroup, or other similar mechanism or device without the prior written consent of Digital Bond, Inc.
See Also
Bandolier Audit Check Examples
Bandolier User Guide for Nessus
